WordPress Social Warfare plugin contains a cross-site scripting (XSS) vulnerability that allows for remote code execution. This vulnerability affects Social Warfare and Social Warfare Pro.
PoC: CVE-2019-9978
CVE-2019-9978 - (PoC) RCE in Social WarFare Plugin (<=3.5.2)
PoC: CVE-2019-9978
CVE-2019-9978 - RCE on a Wordpress plugin: Social Warfare < 3.5.3
PoC: CVE-2019-9978
Wordpress Social Warfare Remote Code Execution (AUTO UPLOAD SHELL)
PoC: CVE-2019-9978
POC (RCE) -> CVE-2019-9978
PoC: CVE-2019-9978-Social-Warfare-WordPress-RCE
A complete walkthrough and exploit for CVE-2019-9978 - Unauthenticated Remote Code Execution in Social Warfare WordPress plugin ≤ 3.5.2. Includes vulnerable code analysis and payload examples.
PoC: Vuln_Remediation_MegaQuagga
Remediation report for MegaQuagga Publishing validating the mitigation of CVE-2019-9978 through progressive defensive layering. Documents reverse proxy insertion, ModSecurity WAF deployment, Graylog SIEM integration, and SSL/TLS enforcement using multi-stage Wireshark PCAP analysis across pfSense WAN and LAN interfaces.
PoC: Vuln_Exploitation_MegaQuagga_Pentest
Penetration test report for MegaQuagga Publishing documenting a six-phase engagement that chained CVE-2019-9978 and CVE-2023-4842 to achieve unauthenticated Remote Code Execution and a persistent Meterpreter session. Includes full methodology, exploitation evidence, and prioritized remediation recommendations.
PoC: MegaQuagga_Pentesting_Report
Web application penetration testing project targeting a WordPress environment. Includes exploitation of CVE-2019-9978, reverse shell execution, post-exploitation steps, and full pentesting report.
PoC: CVE-2019-9978-RCE-PoC
A custom Python proof-of-concept showcasing root-cause analysis and exploitation of CVE 2019-9978 (Social Warfare plugin),focusing on practical RFI to RCE attack flow.
PoC: payloadCVE-2019-9978
payload txt
PoC: CVE-2019-9978-Social-Warfare-WordPress-Plugin-RCE
The `swp_debug` parameter in `admin-post.php` allows remote attackers to include external files containing malicious PHP code, which are evaluated on the server. By supplying a crafted URL that hosts a reverse shell payload, an attacker can gain command execution.
PoC: CVE-2019-9978
A Remote Code Execution (RCE) vulnerability in the Social Warfare plugin for WordPress, affecting versions below 3.5.3.
PoC: cve-2019-9978
cve-2019-9978 PoC
PoC: CVE-2019-9978-Python3
python3 version of the CVE-2019-9978 exploit
PoC: CVE-2019-9978
Remote Code Execution in Social Warfare Plugin before 3.5.3 for Wordpress.
PoC: CVE-2019-9978_Exploit
Social WarFare Plugin (<=3.5.2) Remote Code Execution
PoC: cve-2019-9978
cve-2019-9978
Get alerted for CVEs like this
Register your stack and get notified within minutes when a matching CVE drops.
Start monitoring free